From 710509e664f62d71a215d5185e5bf89a6879672e Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
 <jeremie.galarneau@efficios.com>
Date: Fri, 1 Dec 2017 00:18:03 +0100
Subject: [PATCH] Fix: using putenv() and free()-ing the value is invalid
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

putenv() does not copy the string passed as the parameter. Hence,
free()-ing the string results in an invalid environment. In the
"good" case, we don't care since we execl().

However, on error, our process now has an invalid environment
which can cause breakage further down the line.

Signed-off-by: JÃ©rÃ©mie Galarneau <jeremie.galarneau@efficios.com>
---
 src/bin/lttng-sessiond/main.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/bin/lttng-sessiond/main.c b/src/bin/lttng-sessiond/main.c
index 6113f49ad..ea28feecf 100644
--- a/src/bin/lttng-sessiond/main.c
+++ b/src/bin/lttng-sessiond/main.c
@@ -2450,20 +2450,18 @@ static pid_t spawn_consumerd(struct consumer_data *consumer_data)
 				if (!tmp) {
 					tmp = "";
 				}
-				tmplen = strlen("LD_LIBRARY_PATH=")
-					+ strlen(config.consumerd64_lib_dir.value) + 1 /* : */ + strlen(tmp);
+				tmplen = strlen(config.consumerd64_lib_dir.value) + 1 /* : */ + strlen(tmp);
 				tmpnew = zmalloc(tmplen + 1 /* \0 */);
 				if (!tmpnew) {
 					ret = -ENOMEM;
 					goto error;
 				}
-				strcpy(tmpnew, "LD_LIBRARY_PATH=");
 				strcat(tmpnew, config.consumerd64_lib_dir.value);
 				if (tmp[0] != '\0') {
 					strcat(tmpnew, ":");
 					strcat(tmpnew, tmp);
 				}
-				ret = putenv(tmpnew);
+				ret = setenv("LD_LIBRARY_PATH", tmpnew, 1);
 				if (ret) {
 					ret = -errno;
 					free(tmpnew);
@@ -2491,20 +2489,18 @@ static pid_t spawn_consumerd(struct consumer_data *consumer_data)
 				if (!tmp) {
 					tmp = "";
 				}
-				tmplen = strlen("LD_LIBRARY_PATH=")
-					+ strlen(config.consumerd32_lib_dir.value) + 1 /* : */ + strlen(tmp);
+				tmplen = strlen(config.consumerd32_lib_dir.value) + 1 /* : */ + strlen(tmp);
 				tmpnew = zmalloc(tmplen + 1 /* \0 */);
 				if (!tmpnew) {
 					ret = -ENOMEM;
 					goto error;
 				}
-				strcpy(tmpnew, "LD_LIBRARY_PATH=");
 				strcat(tmpnew, config.consumerd32_lib_dir.value);
 				if (tmp[0] != '\0') {
 					strcat(tmpnew, ":");
 					strcat(tmpnew, tmp);
 				}
-				ret = putenv(tmpnew);
+				ret = setenv("LD_LIBRARY_PATH", tmpnew, 1);
 				if (ret) {
 					ret = -errno;
 					free(tmpnew);
-- 
2.34.1